On 11/28/16 1:37 PM, Alexei Starovoitov wrote:
> On Mon, Nov 28, 2016 at 07:48:50AM -0800, David Ahern wrote:
>> Add a simple program to demonstrate the ability to attach a bpf program
>> to a cgroup that sets sk_bound_dev_if for AF_INET{6} sockets when they
>> are created.
>>
>> Signed-off-by: David Ahern <d...@cumulusnetworks.com>
> ...
>> +static int prog_load(int idx)
>> +{
>> + struct bpf_insn prog[] = {
>> + BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
>> + BPF_MOV64_IMM(BPF_REG_3, idx),
>> + BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock,
>> bound_dev_if)),
>> + BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct
>> bpf_sock, bound_dev_if)),
>> + BPF_MOV64_IMM(BPF_REG_0, 1), /* r0 = verdict */
>> + BPF_EXIT_INSN(),
>> + };
>> +
>> + return bpf_prog_load(BPF_PROG_TYPE_CGROUP_SOCK, prog, sizeof(prog),
>> + "GPL", 0);
>> +}
>
> the program looks trivial enough :)
>
> Could you integrate it into iproute2 as well ?
yes, that is the plan. iproute2 can be used for all things vrf. As infra goes
into the kernel, support is added to iproute2
> Then the whole vrf management will be easier.
> The user wouldn't even need to be aware that iproute2 sets up
> this program. It will know ifindex and can delete
> the prog when vrf configs change and so on.
>
> Also please convert this sample into automated test like samples/bpf/*.sh
> we're going to move all of them to tools/testing/selftests/ eventually.
>
ok
